Consumers and businesses increasingly rely on computers to store sensitive data. Consequently, malicious programmers seem to continually increase their efforts to gain illegitimate control and access to others' computers. Computer programmers with malicious motivations have created and have continued to create viruses, Trojan horses, worms, and other programs meant to compromise computer systems and data belonging to other people. These malicious programs are often referred to as malware.
Security software companies are combating the growing tide of malware by creating and deploying malware signatures (e.g., sequences of bytes that identify malware) to their customers on a regular basis. By frequently updating malware signatures, security software companies may help their customers secure their computers against new and changing threats.
Given the rapidly increasing number of malicious programs that are being developed, there exists a strong motivation for automatically generating malware signatures that each cover multiple malware files. A technical challenge associated with such automatic malware signature generation is ensuring that the malware signatures do not result in false positives when used to identify or detect malware. In other words, it is desirable to minimize the number of goodware programs that are incorrectly identified as malware using automatically generated malware signatures.